Proxy Package Layouts

Every software package has a suggested filesystem layout, and proxy servers like Apache and NGINX are no exception. However, Linux distribution package maintainers often have their own opinions about layout, especially with respect to following a layout standard or scheme employed by their particular distribution.

Thus, although you can configure the proxy server entirely within its primary configuration file, if you have installed the proxy via your system package manager, this may not be the best idea. The primary config file in the cases of both Apache and nginx under both Debian-based distributions and Enterprise Linux-based distributions contains various include directives designed to allow you to place your configuration in files that are entirely controlled by you. This helps to avoid conflicts in the primary config file when the package is upgraded.

Hint

Primary configuration files can be found at:

  • nginx (both EL and Debian): /etc/nginx/nginx.conf
  • Apache:
    • EL: /etc/httpd/conf/httpd.conf
    • Debian: /etc/apache2/apache2.conf

Package Layout Overviews

Debian

Debian uses a very similar directory scheme for both nginx and Apache, where <server> is apache2 or nginx and <component> is some configuration subcomponent:

  • /etc/<server>/<component>-available for files containing configuration snippets for various instances of the given component
  • /etc/<server>/<component>-enabled for symbolic links to files in /etc/<server>/<component>-available for each snippet that the administrator wishes to enable

<component>-available is effectively a “repository” for configurations which are enabled by symbolic links in <component>-enabled.

Both nginx and Apache use the component sites, intended for individual website configurations. Apache additionally uses the components mods and conf for module loading/configuration and general global configuration statements, respectively. Nginx, lacking the mods and conf components, provides /etc/nginx/conf.d

Tip

On Debian, the paths most relevant to our purposes are:

  • nginx:
    • /etc/nginx/conf.d/*.conf for general directives that belong in the http {} block
    • /etc/nginx/sites-available/* for individual site configs
    • /etc/nginx/sites-enabled/* to enable sites
  • Apache:
    • /etc/apache2/conf-available/* for general directives that belong in the http {} block
    • /etc/apache2/conf-enabled/* to enable configs
    • /etc/apache2/sites-available/* for individual site configs
    • /etc/apache2/sites-enabled/* to enable sites

Enterprise Linux

EL’s layout is simpler: both nginx and Apache provide a single configuration inclusion directory, where <server> is httpd or nginx:

  • /etc/<server>/conf.d/

Apache additionally has a module configuration directory at /etc/httpd/conf.modules.d

Tip

On EL, the paths most relevant to our purposes are:

  • nginx: /etc/nginx/conf.d/*.conf
  • Apache: /etc/httpd/conf.d/*.conf

NGINX

Global option configuration:

On both Debian and EL, you could create /etc/nginx/conf.d/galaxy_options.conf for global options intended for the http {} block. Because this file is included from within the http {} block, you would simply define directives without enclosing them in any sort of block:

uwsgi_read_timeout 180;
client_max_body_size 10g;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
#...

Site configuration:

For the site configurations, you could create:

  • /etc/nginx/sites-available/galaxy on Debian
  • /etc/nginx/conf.d/galaxy_site.conf on EL

These files contain server {} blocks (again, not enclosed in an http {}):

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    #...
}

server {
    listen 443 default_server;
    listen [::]:443 default_server;
    server_name _;
    #...
}

On Debian, you’d then need to symlink the config with:

# ln -s /etc/nginx/sites-available/galaxy /etc/nginx/sites-enabled/galaxy

Apache

Global option configuration:

For the global options, you could create:

  • /etc/apache2/confs-available/galaxy.conf on Debian
  • /etc/httpd/conf.d/galaxy_options.conf on EL

With the global configuration directives:

SSLProtocol             all -SSLv3
SSLCipherSuite          ...
#...

Site configuration:

For the site configurations, you could create:

  • /etc/apache2/sites-available/galaxy.conf on Debian
  • /etc/httpd/conf.d/galaxy_site.conf on EL

With the <VirtualHost> blocks:

<VirtualHost _default_:80>
    Redirect permanent / https://galaxy.example.org
</VirtualHost>

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile      /etc/apache2/ssl/server.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/server.key
    #...
</VirtualHost>

On Debian you’d then need to symlink the configs with (or do it by hand with ln -s):

# a2enconf galaxy
# a2ensite galaxy